Skip to content

XSS 导致客户端 RCE 2 #3444

New issue
New issue
Closed
Closed
XSS 导致客户端 RCE 2#3444
Assignees
88250Vanessa219
Labels
Bug
Milestone
 
1.5.4
@Echocipher

Description

@Echocipher
Echocipher
opened on Nov 18, 2021

描述问题 Describe the problem

漏洞产生原因详情请见XSS导致客户端RCE,仅通过黑名单的方式进行过滤是无法保证安全性的,更换Payload如下

![a]("<img src=xss onerror=alert(1)>)

image

之后还可以进行命令执行

image

版本环境 Version environment

  • Version: v1.5.3
  • Operating system: Windows/Mac
  • Browser (if used): all

Activity

88250
self-assigned this
on Nov 18, 2021
88250
added
Bug
on Nov 18, 2021
88250
added this to the 1.5.4 milestone on Nov 18, 2021
88250

88250 commented on Nov 18, 2021

@88250
88250
on Nov 18, 2021
Member

仅通过黑名单的方式进行过滤是无法保证安全性的

大佬有什么建议吗?

Echocipher

Echocipher commented on Nov 18, 2021

@Echocipher
Echocipher
on Nov 18, 2021
Author

仅通过黑名单的方式进行过滤是无法保证安全性的

大佬有什么建议吗?

XSS主要是对输入进行处理,可以参考一些类似于DOMPurify的框架,命令执行的问题可以升级electron或者配置一下electron的nodeIntegration

88250
assigned
Vanessa219
on Nov 20, 2021
88250

88250 commented on Nov 20, 2021

@88250
88250
on Nov 20, 2021
Member

仅通过黑名单的方式进行过滤是无法保证安全性的

大佬有什么建议吗?

XSS主要是对输入进行处理,可以参考一些类似于DOMPurify的框架,命令执行的问题可以升级electron或者配置一下electron的nodeIntegration

感谢指导啊,我们继续改进一下对 HTML 属性的过滤处理,实现代码见 https://github.com/88250/lute/blob/master/render/sanitizer.go

88250
added a commit that references this issue on Nov 20, 2021

🐛 Protyle XSS 导致客户端 RCE 2 siyuan-note/siyuan#3444

5fc26dd
88250
closed this as completedon Nov 20, 2021
Chenrt-ggx
mentioned this on May 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

Bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

    Development

    No branches or pull requests

      Participants

      @88250@Vanessa219@Echocipher

      Issue actions
        XSS 导致客户端 RCE 2 · Issue #3444 · siyuan-note/siyuan